itrocker

NanoBanana PPT Skills

by ITRocker · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Downloads: 2806 · Stars: 2 · Active Installs: 7 · Versions: 1
Install in OpenClaw
/install nanobanana-ppt-skills
Description
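Uses AI to automatically analyze document content, intelligently plan, and generate multi-style high-definition PPT images, with optional transition videos and an interactive playback experience.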
Usage Guidance
Summary of what to check before installing/using:
- Do not paste API keys into chat prompts. The README contains example prompts that include 'MY API KEYS' — sending actual keys into conversation will leak them to the agent/skill.
- Verify the repository/source before cloning. The skill references a GitHub repo; confirm the URL and owner are legitimate and review the repo on GitHub rather than relying solely on the SKILL.md.
- Inspect install scripts (install_as_skill.sh, run.sh) and any scripts that modify ~/.zshrc or write .env files before executing them. Ensure they do not add unexpected remote endpoints, telemetry, or write secrets to shared locations.
- Prefer manual installation: create a virtualenv, run pip installs yourself, and populate a local .env that you control. Avoid letting an agent perform the git clone + install steps with secrets provided in prompts.
- Limit where API keys are stored: prefer a skill-specific .env in the skill directory or system environment variables with limited scope. Be cautious because the code's described search-upward behavior for .env could pick up keys from unrelated projects.
- If you need only image generation, skip providing KLING keys (video service) unless you plan to use video features.
- If you decide to proceed, run the scripts in a sandboxed environment first (or examine them line-by-line). If anything in the scripts looks like it exfiltrates data to unknown endpoints, stop and revoke any keys that were used.
Overall: functionality looks coherent with the stated feature set, but several instruction-level practices (encouraging keys in prompts, modifying shell startup files, searching multiple .env locations) are risky — treat this skill as suspicious until you manually review the code and scripts.
Capability Analysis
Type: OpenClaw Skill
Name: nanobanana-ppt-skills
Version: 0.1.0
The skill bundle exhibits several risky capabilities without clear evidence of intentional malicious behavior, leading to a 'suspicious' classification. Key indicators include the ability to read arbitrary local files (e.g., user documents) as input, as explicitly stated in `SKILL.md` ('使用 Read 工具读取文件内容', "use the Read tool to read the file contents"). This broad file access, combined with the skill's functionality to send user-provided content and images (base64 encoded) to multiple external AI services (Google Gemini, Kling AI, Claude AI via `kling_api.py` and `transition_prompt_generator.py`), presents a potential data exfiltration risk if the AI agent itself were compromised by a prompt injection. Furthermore, the `transition_prompt_generator.py` directly embeds a `content_context` (which could originate from user input processed by the agent) into the prompt sent to Claude, creating a potential prompt injection vector against the downstream AI. While `ffmpeg` is used for legitimate video processing in `video_composer.py`, its execution via `subprocess.run` adds to the overall risk profile due to its powerful system access.
Capability Assessment
Purpose & Capability
The SKILL.md and code clearly implement an AI-driven PPT + video generator using a Google/Gemini image API (named 'Nano Banana Pro' / GEMINI_API_KEY) and an optional Kling video API (KLING_ACCESS_KEY/KLING_SECRET_KEY) — those credentials and APIs make sense for the stated purpose. However, the registry metadata claims no required env vars or primary credential while SKILL.md documents GEMINI_API_KEY as required (and optional KLING keys). That mismatch between declared registry requirements and the runtime instructions is an incoherence the user should notice.
Instruction Scope
The runtime instructions ask the agent to read user files and directories (document paths, styles/, outputs/), to search upward for .env files and dotfiles, to change into ~/.claude/skills/ppt-generator, and to run Python scripts and install scripts. Critically, the README/SKILL.md explicitly suggests pasting API keys into prompts sent to Claude Code (and shows sample prompts containing 'MY API KEYS'), which would expose secrets in chat. The instructions also recommend adding exports to ~/.zshrc and describe scanning for environment variables across locations — behavior that can leak or pick up other unrelated credentials.
Install Mechanism
There is no formal registry install spec; instead the repo includes install scripts (install_as_skill.sh, run.sh) and SKILL.md shows git clone + install steps (pip install, virtualenv, optionally brew/apt for ffmpeg). Pulling code from the referenced GitHub repo is standard for open-source tools, but because installation is manual (or delegated to an LLM via instructions), the user should review install scripts before running them. There is no download-from-untrusted-URL pattern here, but absence of a declared install spec in the registry vs. included scripts is an inconsistency to note.
Credentials
The only functional required secret is GEMINI_API_KEY (reasonable). Optional KLING keys are justified for video features. However the docs also mention placeholder keys for other services (OpenAI, Anthropic, Stability) and recommend searching multiple locations for .env and ~/.zshrc, which could cause accidental exposure or reuse of unrelated credentials. Also the README/QUICKSTART contains explicit examples that encourage copying API keys into prompts or into ~/.zshrc — both increase the risk of secret leakage if followed blindly.
Persistence & Privilege
The skill is not declared always: true (so not force-installed), but the installation and usage instructions create files under ~/.claude/skills/ppt-generator, may write a .env there, and explicitly recommend appending export lines to shell config files (~/.zshrc). Modifying shell startup files and creating persistent skill directories are normal for a skill, but these instructions change user environment and could inadvertently persist secrets or affect other workflows. Review any install scripts that modify shell config before running them.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nanobanana-ppt-skills
  3. After installation, invoke the skill by name or use /nanobanana-ppt-skills
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
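PPT Generator Pro major release 2.0 adds AI-powered PPT, video, and interactive features.
- New support for AI automatic planning, extraction of key points from documents, and generation of high-quality PPT images (16:9 aspect ratio, multiple style options)
- Added transition video generation, a looping animation preview for the first slide, a complete video, and an interactive playback web page
- Multi-style system (gradient frosted glass, vector illustration) with automatic detection of available styles
- Guided interaction for resolution, page count, style, video mode, and more
- Automatic management of environment variables, with a detailed execution flow and error messages
- Optional AI transition videos (requires a Kling API key), with automatic compositing of the complete presentation video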
Metadata
Slug nanobanana-ppt-skills
Version 0.1.0
License
All-time Installs 10
Active Installs 7
Total Versions 1
Frequently Asked Questions

What is NanoBanana PPT Skills?

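It uses AI to automatically analyze document content, intelligently plan, and generate multi-style high-definition PPT images, with optional transition videos and an interactive playback experience. It is an AI Agent Skill for Claude Code / OpenClaw, with 2806 downloads so far.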

How do I install NanoBanana PPT Skills?

Run "/install nanobanana-ppt-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NanoBanana PPT Skills free?

Yes, NanoBanana PPT Skills is completely free (open-source). You can download, install and use it at no cost.

Which platforms does NanoBanana PPT Skills support?

NanoBanana PPT Skills is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created NanoBanana PPT Skills?

It is built and maintained by ITRocker (@itrocker); the current version is v0.1.0.
